mirror of
https://github.com/Jermolene/TiddlyWiki5
synced 2024-12-24 17:10:29 +00:00
Admin configuration for anonymous read-write operations (#8736)
* mws authentication * add more tests and permission checkers * add logic to ensure that only authenticated users' requests are handled * add custom login page * Implement user authentication as well as session handling * work on user operations authorization * add middleware to route handlers for bags & tiddlers routes * add feature that only returns the tiddlers and bags which the user has permission to access on index page * refactor auth routes & added user management page * fix Ci Test failure issue * fix users list page, add manage roles page * add commands and scripts to create new user & assign roles and permissions * resolved ci-test failure * add ACL permissions to bags & tiddlers on creation * fix comments and access control list bug * fix indentation issues * working on user profile edit * remove list users command & added support for database in server options * implement user profile update and password change feature * update plugin readme * implement command which triggers protected mode on the server * revert server-wide auth flag. Implement selective authorization * ACL management feature * Complete Access control list implementation * Added support to manage users' assigned role by admin * fix comments * fix comment * Add user profile management and account deletion functionality * add success and error message feedback for user profile operations * fix indentation issues * Add command to create admin user if none exists when the start command is executed * refactor annonymous user flow with create admin implementation * remove mws-add-user from start command * admin configuration for annonymous read-write opearations * fix comments * change get-anon handler to POST
This commit is contained in:
parent
316bd65296
commit
e873518d6f
@ -0,0 +1,4 @@
|
||||
title: $:/config/MultiWikiServer/AllowAnonymousReads
|
||||
text: no
|
||||
description: Controls whether anonymous users can read wiki content
|
||||
type: text/plain
|
@ -0,0 +1,4 @@
|
||||
title: $:/config/MultiWikiServer/AllowAnonymousWrites
|
||||
text: no
|
||||
description: Controls whether anonymous users can write to the wiki
|
||||
type: text/plain
|
@ -410,6 +410,18 @@ Server.prototype.requestAuthentication = function(response) {
|
||||
}
|
||||
};
|
||||
|
||||
// Check if the anonymous IO configuration is set to allow both reads and writes
|
||||
Server.prototype.getAnonymousAccessConfig = function() {
|
||||
const allowReadsTiddler = this.wiki.getTiddlerText("$:/config/MultiWikiServer/AllowAnonymousReads", "undefined");
|
||||
const allowWritesTiddler = this.wiki.getTiddlerText("$:/config/MultiWikiServer/AllowAnonymousWrites", "undefined");
|
||||
|
||||
return {
|
||||
allowReads: allowReadsTiddler === "yes",
|
||||
allowWrites: allowWritesTiddler === "yes",
|
||||
isEnabled: allowReadsTiddler !== "undefined" && allowWritesTiddler !== "undefined"
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
Server.prototype.requestHandler = function(request,response,options) {
|
||||
options = options || {};
|
||||
@ -440,7 +452,11 @@ Server.prototype.requestHandler = function(request,response,options) {
|
||||
|
||||
// Check whether anonymous access is granted
|
||||
state.allowAnon = false; //this.isAuthorized(state.authorizationType,null);
|
||||
|
||||
var {allowReads, allowWrites, isEnabled} = this.getAnonymousAccessConfig();
|
||||
state.allowAnon = isEnabled;
|
||||
state.allowAnonReads = allowReads;
|
||||
state.allowAnonWrites = allowWrites;
|
||||
state.showAnonConfig = !!state.authenticatedUser?.isAdmin && !state.allowAnon;
|
||||
state.firstGuestUser = this.sqlTiddlerDatabase.listUsers().length === 0 && !state.authenticatedUser;
|
||||
|
||||
// Authorize with the authenticated username
|
||||
|
@ -31,8 +31,8 @@ exports.handler = function(request,response,state) {
|
||||
"Content-Type": "text/html"
|
||||
});
|
||||
// filter bags and recipies by user's read access from ACL
|
||||
var allowedRecipes = recipeList.filter(recipe => sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'READ'));
|
||||
var allowedBags = bagList.filter(bag => sqlTiddlerDatabase.hasBagPermission(state.authenticatedUser?.user_id, bag.bag_name, 'READ'));
|
||||
var allowedRecipes = recipeList.filter(recipe => sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'READ') || state.allowAnonReads);
|
||||
var allowedBags = bagList.filter(bag => sqlTiddlerDatabase.hasBagPermission(state.authenticatedUser?.user_id, bag.bag_name, 'READ') || state.allowAnonReads);
|
||||
|
||||
// Render the html
|
||||
var html = $tw.mws.store.adminWiki.renderTiddler("text/plain","$:/plugins/tiddlywiki/multiwikiserver/templates/page",{
|
||||
@ -43,7 +43,8 @@ exports.handler = function(request,response,state) {
|
||||
"recipe-list": JSON.stringify(allowedRecipes),
|
||||
"username": state.authenticatedUser ? state.authenticatedUser.username : state.firstGuestUser ? "Annonymous User" : "Guest",
|
||||
"user-is-admin": state.authenticatedUser && state.authenticatedUser.isAdmin ? "yes" : "no",
|
||||
"first-guest-user": state.firstGuestUser ? "yes" : "no"
|
||||
"first-guest-user": state.firstGuestUser ? "yes" : "no",
|
||||
"show-annon-config": state.showAnonConfig ? "yes" : "no",
|
||||
}});
|
||||
response.write(html);
|
||||
response.end();
|
||||
|
@ -0,0 +1,50 @@
|
||||
/*\
|
||||
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/post-anon-config.js
|
||||
type: application/javascript
|
||||
module-type: mws-route
|
||||
|
||||
POST /admin/post-anon-config
|
||||
|
||||
\*/
|
||||
(function() {
|
||||
|
||||
/*jslint node: true, browser: true */
|
||||
/*global $tw: false */
|
||||
"use strict";
|
||||
|
||||
exports.method = "POST";
|
||||
|
||||
exports.path = /^\/admin\/post-anon-config\/?$/;
|
||||
|
||||
exports.bodyFormat = "www-form-urlencoded";
|
||||
|
||||
exports.csrfDisable = true;
|
||||
|
||||
exports.handler = function(request, response, state) {
|
||||
// Check if user is authenticated and is admin
|
||||
if(!state.authenticatedUser || !state.authenticatedUser.isAdmin) {
|
||||
response.writeHead(401, "Unauthorized", { "Content-Type": "text/plain" });
|
||||
response.end("Unauthorized");
|
||||
return;
|
||||
}
|
||||
|
||||
var allowReads = state.data.allowReads === "on";
|
||||
var allowWrites = state.data.allowWrites === "on";
|
||||
|
||||
// Update the configuration tiddlers
|
||||
var wiki = $tw.wiki;
|
||||
wiki.addTiddler({
|
||||
title: "$:/config/MultiWikiServer/AllowAnonymousReads",
|
||||
text: allowReads ? "yes" : "no"
|
||||
});
|
||||
wiki.addTiddler({
|
||||
title: "$:/config/MultiWikiServer/AllowAnonymousWrites",
|
||||
text: allowWrites ? "yes" : "no"
|
||||
});
|
||||
|
||||
// Redirect back to admin page
|
||||
response.writeHead(302, {"Location": "/"});
|
||||
response.end();
|
||||
};
|
||||
|
||||
}());
|
@ -0,0 +1,48 @@
|
||||
/*\
|
||||
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/post-anon.js
|
||||
type: application/javascript
|
||||
module-type: mws-route
|
||||
|
||||
POST /admin/anon
|
||||
|
||||
\*/
|
||||
(function() {
|
||||
|
||||
/*jslint node: true, browser: true */
|
||||
/*global $tw: false */
|
||||
"use strict";
|
||||
|
||||
exports.method = "POST";
|
||||
|
||||
exports.path = /^\/admin\/anon\/?$/;
|
||||
|
||||
exports.bodyFormat = "www-form-urlencoded";
|
||||
|
||||
exports.csrfDisable = true;
|
||||
|
||||
exports.handler = function(request, response, state) {
|
||||
// Check if user is authenticated and is admin
|
||||
if(!state.authenticatedUser || !state.authenticatedUser.isAdmin) {
|
||||
response.writeHead(401, "Unauthorized", { "Content-Type": "text/plain" });
|
||||
response.end("Unauthorized");
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
// Update the configuration tiddlers
|
||||
var wiki = $tw.wiki;
|
||||
wiki.addTiddler({
|
||||
title: "$:/config/MultiWikiServer/AllowAnonymousReads",
|
||||
text: "undefined"
|
||||
});
|
||||
wiki.addTiddler({
|
||||
title: "$:/config/MultiWikiServer/AllowAnonymousWrites",
|
||||
text: "undefined"
|
||||
});
|
||||
|
||||
// Redirect back to admin page
|
||||
response.writeHead(302, {"Location": "/"});
|
||||
response.end();
|
||||
};
|
||||
|
||||
}());
|
@ -46,6 +46,8 @@ exports.middleware = function (request, response, state, entityType, permissionN
|
||||
// Then use decodeURIComponent for the rest
|
||||
var decodedEntityName = decodeURIComponent(partiallyDecoded);
|
||||
var aclRecord = sqlTiddlerDatabase.getACLByName(entityType, decodedEntityName);
|
||||
var isGetRequest = request.method === "GET";
|
||||
var hasAnonymousAccess = isGetRequest ? state.allowAnonReads : state.allowAnonWrites;
|
||||
// Get permission record
|
||||
const permission = sqlTiddlerDatabase.getPermissionByName(permissionName);
|
||||
// ACL Middleware will only apply if the entity has a middleware record
|
||||
@ -58,7 +60,7 @@ exports.middleware = function (request, response, state, entityType, permissionN
|
||||
}
|
||||
}
|
||||
// Check if user is authenticated
|
||||
if(!state.authenticatedUser && !response.headersSent) {
|
||||
if(!state.authenticatedUser && !hasAnonymousAccess && !response.headersSent) {
|
||||
response.writeHead(401, "Unauthorized");
|
||||
response.end();
|
||||
return;
|
||||
@ -66,7 +68,7 @@ exports.middleware = function (request, response, state, entityType, permissionN
|
||||
|
||||
// Check ACL permission
|
||||
var hasPermission = request.method === "POST" || sqlTiddlerDatabase.checkACLPermission(state.authenticatedUser.user_id, entityType, decodedEntityName, permissionName)
|
||||
if(!hasPermission) {
|
||||
if(!hasPermission && !hasAnonymousAccess) {
|
||||
if(!response.headersSent) {
|
||||
response.writeHead(403, "Forbidden");
|
||||
response.end();
|
||||
|
@ -0,0 +1,27 @@
|
||||
title: $:/plugins/tiddlywiki/multiwikiserver/templates/anon-config-modal
|
||||
subtitle: Anonymous Access Configuration
|
||||
class: mws-modal
|
||||
|
||||
<div class="mws-modal-container">
|
||||
<div class="mws-modal-content">
|
||||
<h1>Anonymous Access Configuration</h1>
|
||||
<p>This configuration allows anonymous users to read and write to the wiki.</p>
|
||||
<form class="mws-anon-config-form" method="POST" action="/admin/post-anon-config">
|
||||
<div class="mws-modal-section">
|
||||
<$set name="isChecked" value={{{ [[$:/config/MultiWikiServer/AllowAnonymousReads]get[text]] }}}>
|
||||
<input type="checkbox" name="allowReads" checked=<<isChecked>>/> Allow anonymous reads
|
||||
</$set>
|
||||
</div>
|
||||
<div class="mws-modal-section">
|
||||
<$set name="isChecked" value={{{ [[$:/config/MultiWikiServer/AllowAnonymousWrites]get[text]] }}}>
|
||||
<input type="checkbox" name="allowWrites" checked=<<isChecked>>/> Allow anonymous writes
|
||||
</$set>
|
||||
</div>
|
||||
<div class="mws-modal-buttons">
|
||||
<button type="submit" class="mws-modal-button-primary">
|
||||
Save Changes
|
||||
</button>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
@ -41,6 +41,12 @@ title: $:/plugins/tiddlywiki/multiwikiserver/templates/get-index
|
||||
</div>
|
||||
</$list>
|
||||
|
||||
<$list filter="[<show-annon-config>match[yes]]">
|
||||
<$tiddler tiddler="$:/plugins/tiddlywiki/multiwikiserver/templates/anon-config-modal">
|
||||
<$transclude/>
|
||||
</$tiddler>
|
||||
</$list>
|
||||
|
||||
<ul class="mws-vertical-list">
|
||||
<$list filter="[<recipe-list>jsonindexes[]] :sort[<currentTiddler>jsonget[recipe_name]]" variable="recipe-index">
|
||||
<li>
|
||||
@ -284,4 +290,64 @@ title: $:/plugins/tiddlywiki/multiwikiserver/templates/get-index
|
||||
.mws-security-warning-button:hover {
|
||||
background-color: #6d5204;
|
||||
}
|
||||
|
||||
.mws-modal-container {
|
||||
position: fixed;
|
||||
top: 0;
|
||||
left: 0;
|
||||
width: 100%;
|
||||
height: 100%;
|
||||
background-color: rgba(0, 0, 0, 0.5);
|
||||
}
|
||||
|
||||
.mws-modal-content {
|
||||
background-color: #fefefe;
|
||||
margin: 15% auto;
|
||||
padding: 20px;
|
||||
border: 1px solid #888;
|
||||
width: 80%;
|
||||
max-width: 500px;
|
||||
}
|
||||
|
||||
.mws-config-button {
|
||||
background-color: #4CAF50;
|
||||
color: white;
|
||||
padding: 8px 16px;
|
||||
border: none;
|
||||
border-radius: 4px;
|
||||
cursor: pointer;
|
||||
margin-bottom: 1rem;
|
||||
}
|
||||
|
||||
.mws-config-button:hover {
|
||||
background-color: #45a049;
|
||||
}
|
||||
|
||||
.mws-modal-content {
|
||||
padding: 20px;
|
||||
}
|
||||
|
||||
.mws-modal-section {
|
||||
margin-bottom: 15px;
|
||||
}
|
||||
|
||||
.mws-modal-buttons {
|
||||
display: flex;
|
||||
gap: 10px;
|
||||
justify-content: flex-end;
|
||||
margin-top: 20px;
|
||||
}
|
||||
|
||||
.mws-modal-button-primary {
|
||||
background-color: #4CAF50;
|
||||
color: white;
|
||||
padding: 8px 16px;
|
||||
border: none;
|
||||
border-radius: 4px;
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.mws-modal-button-primary:hover {
|
||||
background-color: #45a049;
|
||||
}
|
||||
</style>
|
||||
|
@ -10,6 +10,9 @@ title: $:/plugins/tiddlywiki/multiwikiserver/templates/mws-header
|
||||
<div class="mws-admin-dropdown-content">
|
||||
<a href="/admin/users">Manage Users</a>
|
||||
<a href="/admin/roles">Manage Roles</a>
|
||||
<form action="/admin/anon" method="post" class="mws-admin-form">
|
||||
<input type="submit" value="Reconfigure Anonymous Access" class="mws-admin-form-button"/>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
<% elseif [<username>!match[Guest]]+[<first-guest-user>match[no]] %>
|
||||
@ -104,4 +107,23 @@ title: $:/plugins/tiddlywiki/multiwikiserver/templates/mws-header
|
||||
cursor: pointer;
|
||||
padding: 5px 10px;
|
||||
}
|
||||
|
||||
.mws-admin-form {
|
||||
margin: 0;
|
||||
}
|
||||
|
||||
.mws-admin-form-button {
|
||||
width: 100%;
|
||||
text-align: left;
|
||||
padding: 12px 16px;
|
||||
background: none;
|
||||
border: none;
|
||||
color: black;
|
||||
cursor: pointer;
|
||||
font-size: inherit;
|
||||
}
|
||||
|
||||
.mws-admin-form-button:hover {
|
||||
background-color: #ddd;
|
||||
}
|
||||
</style>
|
Loading…
Reference in New Issue
Block a user